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REMARKS 

This Request for Reconsideration Amendment is filed in 
response to a Non-Final Office Action of August 13, 2009 in 
which claims 129-182 were rejected. 

Original claims 158-180 filed with RCE of July 14 2009 are 
amended to provide consecutive order numbers for the claims 129- 
182 and to correct referral numbers in dependent claims to the 
claims they are dependent from. 

The applicant would like to point out that arguments 
presented in Remarks of the RCE with Amendments submitted to the 
USPTO on July 14 2 009 and Remarks of the Amendments submitted to 
the USPTO on January 21 2009 are fully applied. 

Claim Rejections - 35 USC § 112 
Examiner^ s Position; 

Claims 136, 159 and 172 are rejected under 35 USC 112, 
first paragraph, as failing to comply with the written 

description requirement. These claims recite "an index 
indicating how to enter .... Transmission event unabridged" which 
is not described in the specification. 

Applicant^ s Response ; 

The applicant disagrees with the Examiner. The following 
excerpts from the specification providing the support of the 
subject matter of claims 136, 159 and 172 (it is reasonably 
assumed that a "transmission event" may be a "notification"), 
wherein underlined and bolded words/phrases provide the support: 
Staring on page 5 line 30 through page 6 line 12: 
"For example, an index may indicate the data structure that 
contains an observation record exhibiting a characteristic, 
and/or the record^ s location within the data structure . An 
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index may be created based on any of numerous observation record 
characteristics. For example, an index may provide an 
indication of the location of a particular type of notification , 
an originating IP address, a destination IP address, any other 
suitable data value, or a combination thereof. 

By storing and/or indexing data in this manner (i.e., in 
relatively small data structures) , the system may provide for 
the storage of network event notification data as it is 
processed in its entirety. That is, rather than storing 
summarized and/or normalized network activity data (which many 
conventional systems may do in order to mitigate the storage 
overhead and/or inaccessibility issues that arise with 
conventional databases) , an observation record may store a 
notification in the complete foirm in which it was originally 
reported . As a result, data analysis may employ the actual 
notification, rather than a summary or normalized version of the 
notification, yielding improved data forensics. 

In addition to storing notifications in their entirety , ... . " ; 

Staring on page 11 line 14 through page 11 line 14: 

"It should be appreciated that, although there may be 
diagnostic benefits to loading network event notifications in 
their entirety to storage, the invention is obviously not 
limited in this regard. Any suitable portion of a notification, 
up to and including an unabridged version, may be loaded to 
storage . " 

Claim Rejections - 35 USC §103 
Examiner^ s Position; 

Claims 129-135, 137-140, 142-145, 148-154, 156-158, 160-171, 
173-176 and 178-179 23-26, 27, 36-39, 82, 91-94 and 109-128 are 
rejected under 35 U.S.C. 103(a) as being unpatentable over 
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Khanokar et al . (U.S. Patent No. 6560443) in view of Wiley et 
al . (US 7382756) . 

Claims 141, 155 and 177, are rejected under 35 U.S.C. 103(a) 
as being unpatentable over Khanokar et al . in view of Wiley et 
al . as applied to claims 129, 148 and 166 and further in view of 
Richards et al . (US 2005/0015461). 

Claims 146, 147, 181 and 182 are rejected under 35 U.S.C. 
103 (a) as being unpatentable over Khanokar et al . as applied to 
claims 12 9, 148 and 166 and further in view Microsoft Computer 
Dictionary, 5th Edition. 

Applicant's Response; 

The applicant would like to emphasize that arguments 
presented in Remarks of the RCE with Amendments submitted to the 
USPTO on July 14, 2009 are fully applied in reference to a 
subject matter contained in newly drafted claims as submitted on 
July 14, 2009, contrary to what is alleged by the Examiner. 

The Examiner stated in the Response to Argument Section of 
the August 13 2009 Office Action that the arguments submitted in 
the RCE on July 14, 2009 are directed to cancelled claims. That 
is not accurate. 

The arguments presented in the RCE submitted to the USPTO 
on July 14, 2009 are even more applied to a newly drafted claims 
129-182 . Since the Examiner did not consider these argtiments in 
the Office Action of August 13 2009, these arguments are 
partially repeated here for the completeness of the full 
response . 

Furthermore, the Examiner's arguments in regard to the 
prior art quoted by the Examiner are analyzed based on MPEP 
guidelines which are stated in the MPEP Paragraph 2143 as 
follows : 
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"To establish a prima facie case of obviousness three 
basic criteria must be met. First, there must be some 
suggestion or motivation, either in the references themselves 
or in the knowledge generally available to one of ordinary 
skill in the art, to modify the reference or to combine 
reference teachings. Second, there must be a reasonable 
expectation of success. Finally, the prior art reference (or 
references when combined) must teach or suggest all the claim 
limitations . 

The teaching or suggestion to make the claimed 
combination and the reasonable expectation of success must 
both be found in the prior art, not in Applicant's disclosure. 
In re Vaeck, 947 F.2d 488, 20 USPQ2d 1438 (Fed. Cir. 1991)." 

In reference to independent claim 12 9 (and other 
independent claims) of the present patent application, the 
Examiner stated that Wiley et al . disclose a second step of 
claim 129: 

"creating one or more characterization records for at least 
one data structure of said one or more data structures, one or 
more transmission events of said plurality of the transmission 
events being collected to said at least one data structure of 
said one or more data structures, wherein at least one of said 
one or more characterization records comprises one or more 
indicators of a location or locations of one or more data 
elements comprised in at least one of said one or more 
transmission events , to allow accessing said at least one of the 
one or more characterization records to determine said one or 
more indicators of the location or locations of said one or more 
data elements . " (e.g., see step 320 in Figure 3A and col. 5 
lines 25-67 and col. 7 lines 1-51 of the present patent 
application) 
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The applicant is of opinion that Wiley et al . do not 
disclose the step of "creating ..." (see underlined and bolded 
text) referenced above as recited in claim 12 9 which was argued 
and explained in detail in the remarks of the RCE submitted to 
the USPTO on July 14 2009. 

Indeed, Wiley et al . disclosed root and child datasets 50 
(54 and 56) shown in figure 2, such that root datasets having 
pointers 106, 108, 110 and 112 shown in figure 3 of Wiley et al . 
which may be updated when child and/or sibling databases are 
created, such that the root datasets can point out to the child 
or sibling datasets (e.g., see col. 5, lines 22-25, col. 5, 
lines 53-56, col. 6, lines 11-15, col. 6, lines 27-28 of Wiley 
et al. ) . 

The applicant's understanding is that the Examiner alleged 
that the description provided by Wiley et al . may be 
interpreted, such that the root datasets of Wiley et al . with 
pointers may be equivalent to " at least one of said one or more 
characterization records comprises one or more indicators of a 
location or locations of one or more data elements " as recited 
in claim 129 of the present patent application, and child (or 
sibling) datasets of Wiley et al . may be equivalent to " the 
location or locations " where the " one or more data elements " are 
recorded as recited in claim 12 9 of the present patent 
application. 

However, the above "equivalency" is not applicable to claim 
129 of the present patent application wherein the term 
" creating " is used, because the " at least one of said one or 
more characterization records " recited in claim 129, according 
to embodiments of the present invention, should be created for 
transmission events (or notifications) collected into a data 
structure, such that created " at least one of said one or more 
characterization record comprises one or more indicators of a 
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location or locations ) of one or more data elements comprised in 
the received " one or more transmission events ... collected to 
said at least one data structure " , as recited in claim 129 of 

the present patent application. Then the disclosure of Wiley et 
al . would not read onto claim 12 9, because the root dataset of 
Wiley is created when child datasets do not exist yet (nothing 
to point at) , and pointing out to a sibling database (having 
reverse root keyset 102 as shown in figure 3 of Wiley et al . ) 
would not matter, because the pointer (s) in the root dataset in 
Wiley et al . should indicate the location of data element (s) 
comprised in the transmission events (or notifications) for 
which this root dataset is created (as recited in claim 129 of 
the present invention), but this is not what Wiley et al . 
disclose . 

In other words, since in Wiley et al . a new dataset 50 is 
automatically created by the dataset generator 62 just for one 
transmission event as stated in col. 5 lines 22-25 of Wiley et 
al . , then in order to read the disclosure of Wiley et al . onto 

claim 129 of the present patent application, the created root 
dataset of Wiley et al . should have a pointer to itself , which 
apparently is not the case and is not disclosed by Wiley et al . 

Therefore, none of the references (Khanokar et al . or Wiley 
et al . ) quoted by the Examiner teach or disclose a second step 
of claim 129 quoted herein, such that none of these references 
disclose all limitations of claim 129, as required by the MPEP 
Paragraph 2143 quoted herein, which makes claim 129 non-obvious 
and not unpatentable over Khanokar et al . in view of Wiley et 
al . under 35 U.S.C. 103(a), contrary to what is alleged by the 
Examiner . 

Independent claims 14 9 and 166 have a similar scope as 
claim 129 and therefore also not unpatentable over Khanokar et 
al . in view of Wiley et al . under 35 U.S.C. 103(a). 
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The non-obviousness and patentability of dependent claims 
130-148, 150-165 and 187-182 is provided by novelty and non- 
obviousness of the independent claims 129, 149 and 166 they are 
dependent from (directly or indirectly) . More arguments in 
reference to unique limitations of dependent claims 13 0-148, 
150-165 and 187-182 may be presented by the applicant if 
requested by the Office. 

* * * 
CONCLUSION 

The objections and rejections of the Non-Final Office 
Action of August 13, 2009 having been obviated by amendment or 
shown to be inapplicable, withdrawal thereof is requested and 
passage of all claims to issue is earnestly solicited. 

Respectfully submitted, 
KELLEY DRYE & WARREN LLP 
Attorneys and Agent for Applicants 



Date: October 27, 2009 
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